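Abstract
In the current Linux implementation of address space layout randomization (ASLR), not all addresses are randomized: executable programs are still loaded at a fixed address, so an attacker can directly use instruction fragments in the executable's code segment to mount code reuse attacks. To address this shortcoming of Linux ASLR, an address randomization technique based on base relocation is proposed and implemented. During preprocessing, an IDA plugin extracts the instructions in the executable that require base relocation and adds base relocation information to the executable. At load time, a custom ELF loader maps the code segment to a random address and performs base relocation. Testing shows that the method effectively defends against code reuse attacks that reuse instructions in the executable's code segment, with only 1.31% performance overhead.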
In the current implementation of Linux address space layout randomization (ASLR), not every memory area is randomized. The executable program is still located at a fixed address, so the gadgets used by code reuse attacks can be found in the executable program's code segment. To solve this problem, this paper proposes and implements a new method: address randomization based on base relocation. In pre-processing, the method uses an IDA plugin to extract the executable program's base relocation information by static analysis, and it uses a custom ELF loader to map the code segment to a random address and relocate it. Evaluation shows that the method can foil code reuse attacks that use gadgets in the executable program's code segment, with a low runtime overhead of only 1.31%.
Source
《信息工程大学学报》
2016, Issue 6, pp. 748-753 (6 pages)
Journal of Information Engineering University